3
votes

I have this situation where an old computer with Windows XP is working as a server for a system, and has the possibility to send alarms to me when something goes wrong. However, this server program that we use is really buggy, and can at some given moment just stop caring about the alarms. These alarms then pile up, and get all sent at once, when the program is finally restarted. This makes these alarms pretty useless, because by the time you restart the program, you already know that something is wrong with the system.

The solution that I'm aiming at is that Windows Task Scheduler could every night kill and then restart the program with the help of a simple batch file. I can't seem to find a way to kill the process though, because the program's process is running as a subprocess, a child process, of the Windows process csrss.exe.

If I open the Task Manager I can see the process and kill it, but the command tasklist only shows the parent process csrss.exe, and I need the PID to kill it with taskkill. Yes, tasklist does have the extra parameter /t that kills the child process as well, but I need a way to ONLY kill the child process, and leave csrss.exe, which is apparently essential for Windows, running.

So my question is: Does anyone know how to ONLY kill a child process with the help of a batch file?

This could of course be done by coding a specific program for this, and then have the batch file use that program, but I'm hoping for a quick fix.

So far I have:

TASKLIST /FI "IMAGENAME eq program.exe" 2>NUL | FIND /I /N "program.exe">NUL
IF NOT %ERRORLEVEL%==0 GOTO :restart
TASKKILL /FI "IMAGENAME eq program.exe" /F /T

:restart
START /D "C:\path\" program.exe

EDIT:

I just realized that a process' image name isn't indented in the Task Manager because it's a child process of another process, but because it's a 16-bit process (how intuitive). So, it's a 16-bit process, and the question now is how do you find the PID of, or otherwise kill, a 16-bit process. Tasklist, as I mentioned, isn't showing it, and neither is pslist.

1
The question you need to answer is "why doesn't tasklist show me that process?" Is it a 16-bit process? Have you tried using pslist instead of tasklist? - Harry Johnston
Yes, it's a 16-bit process - is that why tasklist isn't showing anything? Is there a way to also have 16-bit processes shown? I tried to install pstools, and pslist along with it, but it couldn't find the process either. - Muuse
I don't know if there's something pre-made, but these should be the relevant APIs for managing 16-bit tasks running under NT-family Windows versions. - Matteo Italia
Thank you, Matteo. I think the problem solved itself by force-killing a process named ntvdm.exe, though. But in case there still turns out to be problems, I'll give those a try. - Muuse

1 Answer

1
votes

I think I managed to solve my problem, and I'm leaving this here for anyone who might encounter anything similar.

I tried to kill the process ntvdm.exe instead, since it was "reachable" by tasklist and taskkill, and because a Google search revealed it to be Windows' virtual machine that lets 16-bit programs run on a 32-bit system. I first tried to kill it without forcing it, but that only killed ntvdm.exe, and not the 16-bit process itself. Forcing it however seemed to work alright, though I wouldn't recommend this solution (for obvious reasons) anywhere where there are multiple essential 16-bit processes running.

The command I finally ended up using was:

TASKKILL /FI "IMAGENAME eq ntvdm.exe" /F /T
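
Added example (not part of the original answer): a scheduled-restart batch file built around the command above, which refuses to force-kill ntvdm.exe when more than one instance is running, so it cannot take down an unrelated 16-bit program. The directory, program name and log file are placeholders taken from or modelled on the question's script.

```bat
@echo off
REM Added example: nightly restart of a 16-bit program hosted by ntvdm.exe.
REM Assumptions: C:\path and program.exe are the placeholders from the
REM question; restart.log is a hypothetical log file name.
setlocal
set "APPDIR=C:\path"
set "APP=program.exe"
set "LOG=%APPDIR%\restart.log"

REM Count running ntvdm.exe instances. /NH drops the table header, so
REM every line containing the image name is one instance. FIND /C prints
REM only the number of matching lines (0 when tasklist finds nothing).
set COUNT=0
for /f %%C in ('tasklist /FI "IMAGENAME eq ntvdm.exe" /NH 2^>NUL ^| find /I /C "ntvdm.exe"') do set COUNT=%%C

if %COUNT%==0 goto restart
if %COUNT% GTR 1 goto refuse

REM Exactly one ntvdm.exe: force-kill it together with its child tree,
REM as in the answer. A non-forced kill left the 16-bit program behind.
taskkill /FI "IMAGENAME eq ntvdm.exe" /F /T >NUL
echo %DATE% %TIME% killed ntvdm.exe >>"%LOG%"

:restart
REM The empty "" is the window title; without it START may take the
REM first quoted argument as the title instead of the path.
start "" /D "%APPDIR%" %APP%
echo %DATE% %TIME% started %APP% >>"%LOG%"
goto :eof

:refuse
REM Several ntvdm.exe instances exist, so killing by image name would
REM also stop other 16-bit programs. Log it and leave everything running.
echo %DATE% %TIME% found %COUNT% ntvdm.exe instances, nothing killed >>"%LOG%"
exit /b 1
```

A non-zero exit code from the refuse branch shows up as the task's last result in Task Scheduler, which makes a skipped restart visible.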